Code Completion crash

Jens Dagerbo jens.dagerbo at swipnet.se
Mon Nov 27 18:17:18 UTC 2006


Hi,

A new crash in code completion appeared recently. 

The trace looks like this (I've added a print to say when we enter 
appendNextFunction()):
kdevelop (cpp support): [void 
SimpleTypeFunctionInterface::appendNextFunction(SimpleType)]
kdevelop (cpp support): [void 
...
...
SimpleTypeFunctionInterface::appendNextFunction(SimpleType)]
kdevelop (cpp support): [void 
SimpleTypeFunctionInterface::appendNextFunction(SimpleType)]
Segmentation fault

The backtrace (with my added print):
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 47347505625728 (LWP 1918)]
0x00002b0ff323c810 in malloc () from /lib/libc.so.6
(gdb) bt
#0  0x00002b0ff323c810 in malloc () from /lib/libc.so.6
#1  0x00002b0ff2e28b0d in operator new () 
from /usr/lib/gcc/x86_64-pc-linux-gnu/4.1.1/libstdc++.so.6
#2  0x00002b0ff10b006e in QGArray::newData () 
from /usr/qt/3/lib64/libqt-mt.so.3
#3  0x00002b0ff10b0250 in QGArray::QGArray () 
from /usr/qt/3/lib64/libqt-mt.so.3
#4  0x00002b0ff10a39f8 in QCString::QCString () 
from /usr/qt/3/lib64/libqt-mt.so.3
#5  0x00002b0ff019f069 in KConfigBase::readEntryUtf8 () 
from /usr/kde/3.5/lib64/libkdecore.so.4
#6  0x00002b0ff019f9e6 in KConfigBase::readNumEntry () 
from /usr/kde/3.5/lib64/libkdecore.so.4
#7  0x00002b0ff019faa3 in KConfigBase::readNumEntry () 
from /usr/kde/3.5/lib64/libkdecore.so.4
#8  0x00002b0ff018cae3 in kdbgstream::flush () 
from /usr/kde/3.5/lib64/libkdecore.so.4
#9  0x0000000000408cff in kdbgstream::operator<< (this=0x7fffbcf584c0, 
string=0x40e3ea "\n") at /usr/kde/3.5/include/kdebug.h:232
#10 0x0000000000408d28 in endl (s=@0x7fffbcf584c0) 
at /usr/kde/3.5/include/kdebug.h:430
#11 0x0000000000408bf5 in kdbgstream::operator<< (this=0x7fffbcf584c0, 
f=0x408d0e <endl(kdbgstream&)>) at /usr/kde/3.5/include/kdebug.h:260
#12 0x00002b0ff5da5e44 in SimpleTypeFunctionInterface::appendNextFunction 
(this=0x8af3770, func=@0x7fffbcf58580)
    at simpletypefunction.cpp:144
#13 0x00002b0ff5da5f03 in SimpleTypeFunctionInterface::appendNextFunction 
(this=0x8af3770, func=@0x7fffbcf58610)
    at simpletypefunction.cpp:148
#14 0x00002b0ff5da5f03 in SimpleTypeFunctionInterface::appendNextFunction 
(this=0x8af3770, func=@0x7fffbcf586a0)
    at simpletypefunction.cpp:148
#15 0x00002b0ff5da5f03 in SimpleTypeFunctionInterface::appendNextFunction 
(this=0x8af3770, func=@0x7fffbcf58730)
    at simpletypefunction.cpp:148
...

The backtrace (without my print):
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 47579123927680 (LWP 12303)]
0x00002b45e0696651 in __cxxabiv1::__vmi_class_type_info::__do_dyncast () 
from /usr/lib/gcc/x86_64-pc-linux-gnu/4.1.1/libstdc++.so.6
(gdb) bt
#0  0x00002b45e0696651 in __cxxabiv1::__vmi_class_type_info::__do_dyncast () 
from /usr/lib/gcc/x86_64-pc-linux-gnu/4.1.1/libstdc++.so.6
#1  0x00002b45e0696068 in __cxxabiv1::__si_class_type_info::__do_dyncast () 
from /usr/lib/gcc/x86_64-pc-linux-gnu/4.1.1/libstdc++.so.6
#2  0x00002b45e06969f1 in __dynamic_cast () 
from /usr/lib/gcc/x86_64-pc-linux-gnu/4.1.1/libstdc++.so.6
#3  0x00002b45e35f843f in SimpleTypeImpl::asFunction (this=0x9b13f70) at 
simpletype.cpp:229
#4  0x00002b45e3612e6a in SimpleTypeFunctionInterface::appendNextFunction 
(this=0x9b13fb0, func=@0x7fffcf6ea200) at simpletypefunction.cpp:147
#5  0x00002b45e3612eaf in SimpleTypeFunctionInterface::appendNextFunction 
(this=0x9b13fb0, func=@0x7fffcf6ea270) at simpletypefunction.cpp:148
#6  0x00002b45e3612eaf in SimpleTypeFunctionInterface::appendNextFunction 
(this=0x9b13fb0, func=@0x7fffcf6ea2e0) at simpletypefunction.cpp:148
#7  0x00002b45e3612eaf in SimpleTypeFunctionInterface::appendNextFunction 
(this=0x9b13fb0, func=@0x7fffcf6ea350) at simpletypefunction.cpp:148
#8  0x00002b45e3612eaf in SimpleTypeFunctionInterface::appendNextFunction 
(this=0x9b13fb0, func=@0x7fffcf6ea3c0) at simpletypefunction.cpp:148
#9  0x00002b45e3612eaf in SimpleTypeFunctionInterface::appendNextFunction 
(this=0x9b13fb0, func=@0x7fffcf6ea430) at simpletypefunction.cpp:148
#10 0x00002b45e3612eaf in SimpleTypeFunctionInterface::appendNextFunction 
(this=0x9b13fb0, func=@0x7fffcf6ea4a0) at simpletypefunction.cpp:148
...
etc.

It seems rather likely the crash is caused by an exhausted stack 
from "endlessly" recursing into appendNextFunction. Sadly I can't seem to get 
enough of my head around the Code Completion code to actually understand what 
it attempts to do and why it fails.

To reproduce:
Find a method name that appears in multiple places. I found it, and can 
reproduce it, with NewMainWindow::setCaption() in src/newmainwindow.cpp. You 
need to have a code completion database for KDElibs and Qt and have both 
enabled (Both KDE and Qt have "setCaption" methods. It might work with just 
one, haven't tested that.) and then right-click a few times on 
the "setCaption" string in the editor. First time it usually works, but the 
second time, KDevelop normally crashes.

Btw, I use an AMD64 system, but this was reproduced by two people on IRC on 
32-bit systems.

David, any idea?

// jens
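Added example, not part of Jens's mail and not KDevelop's code: a hypothetical "next function" chain of the kind a recursive append walks, with the unguarded recursion shown beside a guarded version that records visited nodes and bounds the depth, plus an iterative tortoise-and-hare cycle check. Every type and function name here (FuncNode, appendNext, hasCycle, the scenario helpers) is invented for the illustration; it shows the kind of check that turns a runaway recursion into a reported error instead of a stack exhaustion.

```cpp
// Added example (hypothetical names, not KDevelop code).
#include <cstddef>
#include <iostream>
#include <memory>
#include <string>
#include <unordered_set>
#include <vector>

// Stand-in for one entry in a singly linked "next function" chain.
struct FuncNode {
    std::string name;
    FuncNode* next = nullptr;   // raw pointer so a loop can be built on purpose
    explicit FuncNode(std::string n) : name(std::move(n)) {}
};

// Owns the nodes created in a scenario so the raw links stay valid.
struct Pool {
    std::vector<std::unique_ptr<FuncNode>> nodes;
    FuncNode* make(const std::string& n) {
        nodes.push_back(std::unique_ptr<FuncNode>(new FuncNode(n)));
        return nodes.back().get();
    }
};

enum class AppendResult { Appended, CycleDetected, DepthExceeded };

// Unguarded recursion: walk to the tail, then link. On a chain that loops back
// on itself this never returns and eventually exhausts the stack.
void appendNextUnguarded(FuncNode* head, FuncNode* func) {
    if (head->next == nullptr) { head->next = func; return; }
    appendNextUnguarded(head->next, func);
}

// Guarded recursion: every node visited is remembered, the depth is bounded,
// and appending a node that is already in the chain is refused.
AppendResult appendNextGuarded(FuncNode* head, FuncNode* func,
                               std::unordered_set<const FuncNode*>& seen,
                               std::size_t depth, std::size_t maxDepth) {
    if (depth > maxDepth) return AppendResult::DepthExceeded;
    if (!seen.insert(head).second) return AppendResult::CycleDetected; // seen before
    if (seen.count(func)) return AppendResult::CycleDetected;           // would close a loop
    if (head->next == nullptr) { head->next = func; return AppendResult::Appended; }
    return appendNextGuarded(head->next, func, seen, depth + 1, maxDepth);
}

AppendResult appendNext(FuncNode* head, FuncNode* func, std::size_t maxDepth = 1024) {
    std::unordered_set<const FuncNode*> seen;
    return appendNextGuarded(head, func, seen, 0, maxDepth);
}

// Iterative tortoise-and-hare check: no recursion, constant extra memory.
bool hasCycle(const FuncNode* head) {
    const FuncNode* slow = head;
    const FuncNode* fast = head;
    while (fast != nullptr && fast->next != nullptr) {
        slow = slow->next;
        fast = fast->next->next;
        if (slow == fast) return true;
    }
    return false;
}

// Names along the chain, stopping at the first node seen twice.
std::vector<std::string> chainNames(const FuncNode* head) {
    std::unordered_set<const FuncNode*> seen;
    std::vector<std::string> names;
    for (const FuncNode* n = head; n != nullptr && seen.insert(n).second; n = n->next)
        names.push_back(n->name);
    return names;
}

// Scenario 1 (constructed): healthy chain a->b->c, append d. Returns {a,b,c,d}.
std::vector<std::string> scenarioHealthyChain() {
    Pool p;
    FuncNode* a = p.make("a"); FuncNode* b = p.make("b"); FuncNode* c = p.make("c");
    a->next = b; b->next = c;
    appendNextUnguarded(a, p.make("d"));   // safe on an acyclic chain
    return chainNames(a);
}

struct CycleReport { bool floydSawCycle; AppendResult append; };

// Scenario 2 (constructed): chain closed into a loop a->b->c->a.
CycleReport scenarioCyclicChain() {
    Pool p;
    FuncNode* a = p.make("a"); FuncNode* b = p.make("b"); FuncNode* c = p.make("c");
    a->next = b; b->next = c; c->next = a;
    return CycleReport{hasCycle(a), appendNext(a, p.make("d"))}; // CycleDetected, no overflow
}

// Scenario 3 (constructed): six-node chain with a depth limit of 3.
AppendResult scenarioDepthLimit() {
    Pool p;
    FuncNode* head = p.make("f0"); FuncNode* tail = head;
    for (int i = 1; i < 6; ++i) { FuncNode* n = p.make("f" + std::to_string(i)); tail->next = n; tail = n; }
    return appendNext(head, p.make("extra"), /*maxDepth=*/3);   // DepthExceeded
}

int main() {
    std::cout << "healthy chain length: " << scenarioHealthyChain().size() << '\n';
    CycleReport r = scenarioCyclicChain();
    std::cout << "Floyd saw cycle: " << r.floydSawCycle
              << ", guarded append: " << static_cast<int>(r.append) << '\n';
    std::cout << "depth-limited append: " << static_cast<int>(scenarioDepthLimit()) << '\n';
    return 0;
}
```

The visited set costs a hash insert per hop, which is why the example also keeps a depth bound as a cheaper backstop: a chain that legitimately exceeds it is reported rather than silently truncated, and either report is easier to debug than a SIGSEGV inside malloc.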